Post
HIGH

Microsoft Working on Patch for 'RoguePlanet' Zero-Day

· zero-day · vulnerability · privilege-escalation · microsoft

Public proof-of-concept code exploits a race condition in Microsoft Defender that lets a local attacker spawn a command prompt with SYSTEM privileges. Microsoft has acknowledged the flaw, dubbed “RoguePlanet,” and is working on a patch, but none has shipped yet. Because Defender ships by default on most Windows systems, the unpatched window affects a broad install base. Defenders should watch for unexpected SYSTEM-level process spawns tied to Defender activity until a fix is available.